CIS-1200 SDPSK 1200Bd ("Makhovik", T-230-1A)

updated (23 July 2024)

This transmission, along with a probably spurius emission 600 Hz above, was recorded on 13002.5 KHz (cf) thanks to the remote KiwiSDR located in Azumino-city Nagano, Japan [1].

Fig. 1 - main signal and its spurius

The signal that I assume is the "actual" one and that I analyzed is characterized by a SDPSK (Simmetrical Differential PSK) modulation at a speed of 1200 Baud. Indeed SDPSK is equivalent to π/2 DBPSK or PSK2 with phase rotation: ie, as shown by the transitions in absolute mode, SDPSK assumes that the phase is rotated by +π/2 for bit “0” and by -π/2 for bit “1” thus there is not a 180° turn (transitions do not pass through 0). The information transmitted is encoded in the transition and not in the state. The signal can be demodulated using the differential mode (diff=1).

Fig. 2 - SDPSK modulation

The transmission consists of some segments that differ by the presence or absence of an initial preamble (signals A and B in Figure 3) which consists of a repeated 511-bit length pseudo-random sequence generated by the polynomial x^9+x^5+1 (1) as for the ITU Recommendation O.153 [2] (188-110B "39-tone parallel mode" too uses that sequences).

Fig. 3

 

Fig. 4 - 511 bits length sequence

The presence of such sequences is one of the features of the so-called Makhovik (aka the "flywheel"), a well known Soviet-Mil crypto system. Although someone classifies Makhovik as vocoder, it can can be used for time-multiplexed encryption of both voice and data up to 9600 bps. It's official name is "T-230 bundle ciphering device for teleprinter and  data connections" and was designed to operate in UHF but very often is found in LF and in HF.
After the removal of the initial preamble, the following data block consists of a "common" sequence:

110101100100011110101100100011

followed by 240-bit Initialization Vectors that are sent in 8x30-bit groups, each group repeted three times (Figure 5): these 30-bit groups are another peculiar feature of  the Makhovik system.

010000111011001110010100001110
011101100101000011001010000111
110010100001110010000111011001
001110110010100000111011001010
001110110010100011001010000111
111111111111111000011101100101
001110110010100111011001010000
101100101000011011101100101000

Fig. 5

Segments sent w/out the initial preamble (type B in Figure 3) show exactly the same structure: note as the Initialization Vectors slightly differ (Figure 6): this feature should be further studied (it is probably somehow related to the presence/absence of the initial preamble) but it is necessary to obtain several more recordings.

010000111011001110010100001110
011101100101000011001010000111
110010100001110010000111011001
001110110010100000111011001010
001110110010100011001010000111
111111111111111000011101100101
001110110010100111011001010000
101100101000011011101100101000

010000111011001110010100001110
011101100101000011001010000111
011001010000111100001110110010
111011001010000110010100001110
010100001110110110110010100001
100101000011101001010000111011
111011001010000111111111111111
011101100101000100001110110010

Fig. 6

It's worth noting that in some previous Makhovik recordings I saw differential encoded data & BPSK, while this ones consist of  plain encoded data & SDPSK [3].

update (23 July 2024)
I willingly add a comment sent me by my friend cryptomaster.
The common sequence in Figs 5,6

110101100100011110101100100011

shall be right shifted to appear as

111101011001000111101011001000

which in turn is the repetition of the 15 bits length M-sequence generated by the polynomial x^4+x+1 (Figure 7).

111101011001000

Fig. 7 - the repetition of the 15 bits M-sequence generated by the polynomial x^4+x+1

https://disk.yandex.com/d/Vg5XruORhd8_5A

(1) the use of the polynomial x^9+x^5+1 is quite common in CIS waveforms,see http://i56578-swl.blogspot.com/p/polynomials.html

[1] http://jf0fumkiwi.ddns.net:8073/
[2] https://www.itu.int/rec/T-REC-O.153/en
[3] https://i56578-swl.blogspot.com/search/label/Makhovik 

MS-110D App.D (WBHF) transmissions, Collins Aerospace over-the-air testing? (2)

Yet another MS-110D sample [1] transmitted from Oxford Junction (IA) site, recorded on 19825.7 KHz/USB and sent me by my friend linkz: this signal too is PSK8 modulated at the symbol rate of 2400 Bd but occupies a 3 KHz bandwidth (Figure 1).

Fig. 1 - waveform main parameters

 

The ACF results  shown in Figure 2 formally show the same characteristics, that is, a sort of "superframe" lasting 840 ms (corresponding to 2016 PSK8 symbols, or 6048 bits) comprising seven frames each lasting 120 ms (corresponding to 288 PSK8 symbols, or 864 bits).

 

Fig. 2 - results from the Auto Correlation Function

 

Bandwidth, modulation and framing match the Waveform Number 7 described in MIL-STD 110D Appendix D (WBHF, WideBandHF)

 

The demodulated bitstreams conform to the bitmaps in Figure 2: in particular, the sequences circled in in Figs. 2, 3 are special mini-probes used to mark the interleaver boundaries. In this case they are transmitted every 64 frames, corresponding to the use of the "long interleaver" mode.

 

Fig. 3 - 864 bits (266+32 PSK8 symbols) period demodulated bitstream

Just to verify compliance with the MS-110D standard, the mini-probes are made up of a repeated sequence of 16 symbols while the miniprobes used to mark the boundaries of the interleaver block are shifted by 8 steps (Figure 4).

 

Fig. 4 - the generic mini-probe and the interleaver marker mini-probe

As expected, the 840 ms spikes resulting from  ACF are due to the cyclic nature of the transmitted data: that is, the same block of data consisting of 7 frames (Figure 5).

 

Fig. 5 - data blocks after the removal of mini-probes

As stated at the beginning, Direction Finding (TDoA algorithm) tests done by my friend linkz indicate Oxford-Junction as the site of the transmitting antenna (Figure 6); more over "It's interesting to note that this data seems to be sent always 22.5 kHz lower than the ALE slots. So far noticed on: 8000.7 USB (8023.2 - 22.5kHz), 18275.7 USB (18298.2 - 22.5kHz), 19825.7 USB (19848.2 - 22.5kHz)" linkz write.

 

Fig. 6 - Direction Finding tests results (thanks to linkz)

https://disk.yandex.com/d/LcwmPMweeu6C0A

 

[1] http://i56578-swl.blogspot.com/2024/06/ms-110d-appd-wbhf-transmissions.html

MS-110D App.D (WBHF) transmissions, Collins Aerospace over-the-air testing?

Wideband transmission heard a few days ago on 19829.0 KHz (cf) around 1713Z, the recording was kindly sent to me by my friend linkz who also performed - successfully - the Direction Finding attempts (see below).
As from Figure 1, the signal occupies a 6 KHz bandwidth and is modulated using PSK8 at the symbol rate of 4800 Baud. Given that the subcarrier is about 6000 Hz, and it shall be 3300 Hz (300 + 1/2 BW, as usual), the signal should be -2700 Hz shifted (the tuning frequency should be around 19826.0 KHz/USB). 

Fig. 1 - signal parameters

The ACF value and its framing are quite interesting: as can be seen in Figure 2, the autocorrelation plot shows pronounced spykes at 892.4 ms (4284 symbols/12852 bits) due to the existence of a sort of "superframe" consisting of seven frames marked by less evident spikes. The latter have a value of 127.5 ms (612 symbols/1836 bits) consisting of 544 symbols of unknown data followed by 68 (known) channel mini-probe symbols.

Fig. 2 - 127.5 ms & 849.4 ms ACFs

From the above results (bandwidth, modulation and framing) the signal belongs to MIL-STD 110D Appendix D (WBHF, WideBandHF), more precisely the Waveform Number 7: this appendix is a non-mandatory part of MIL-STD-188-110C; however, when data is to be communicated in single contiguous HF radio bandwidths greater than 3 kHz, up to 48 kHz, the waveforms employed shall be in accordance with this appendix. The PSK8 demodulated bitstream is shown in Figure 3.

Fig. 3 - bitstream after PSK8 demodulation

It is worth noting (and verify) some features of this waveform.
As per Table D-XXI the mini-probes consists of a 36 symbol "base sequence" cyclically extended to the required length: in our case, 68 symbols. W/out going into the merits of the mini-probes formation, some resulting mini-probes are shown in Figure 4.

Fig. 4 - 68 symbols mini-probes

In the zoomed bitstream in Figure 5, a characteristic pattern of the mini-probes is seen at intervals of 64 frames: this is because the mini-probes are also utilized to identify the long interleaver block boundary. Indeed, in our case the block length is just 64 frames. The boundary marker is accomplished by tansmitting a cyclically rotated version of the mini-probe (#D.5.2.2).

Fig. 5 - interleaver block boundary

Figure 6 shows the mini-probe marking the long interleaver block boundary: in accordance with Table D-XXI, the mini-probe is formed of the 36 symbols base sequence after 18 cyclic rotations.

Fig. 6

 

As shown in Figure 7, the data block is formed of groups of seven 544 symbol frames (7×544 data symbols) each group consisting of the same data, regardless of the scrambler since the scrambling sequence generator polynomial (x^9 +x^4 +1) is initialized to 00000001 at the start of each data frame (the 511 bits length scrambling sequence is repeated just slightly more than 3 times). The repetitions of these seven groups cause what I designed as "superframe" (see Figure 2) which indeed has a 892.49 ms ACF, corresponding to 7 frames (7×127.5 ms).  Based on the above, it can be said that 127.5 ms is the ACF value of frames and 892.4 is the ACF value of data symbols.

Investigating the nature of these bits does not make much sense since they are actually demodulated "symbols", i.e. data bits after having passed through the modulation chain (FEC encoder, interleaver, Gray decoder, scrambler). The repetitions could suggest a test transmission, but that's just my guess.

 

Fig. 7 - the 7-frame groups that form the data block and that cause the 892.4 ms ACF

As said above, my friend linkz did a great Direction Finding job and pinpointed Oxford Junction (IA) as Tx site location (see Figure 8 below).

Fig. 8 - DF runs (TDoA algorithm), thanks to linkz

The Oxford Junction transmitter site was operated by Rockwell Collins (now part of Collins Aerospace): a paper that they presented at HFIA Meeting in San Diego (February 4, 2010) just confirms the assumption and also shows an aerial photo of the HF station (Figure 9), notice that both EarthExplorer and Google Earth obscured that site.

Fig. 9

Since the Tx location, probably the heard transmissions are WBHF over-the-air test by Collins Aerospace... but that's another guess.

https://disk.yandex.com/d/oj5V4VHl6zb9Gg 

https://www.dropbox.com/scl/fi/4hc6eszz6xvo689b2ah5o/...

300 bps (FSK & STANAG-4285) fleet broadcast, UK DHFCS

Fig. 1 - 300Bd fleet broadcast on 4505.0 KHz/USB

Uncommon 300 bps fleet broadcast heard on 4505.0 KHz/USB and using both FSK modulation (with a 850 Hz shift) and PSK modulation (STANAG-4285 300 bps/Long). I say here "uncommon" given that:
- usually (NATO) fleet broadcasts use FSK 50-75 bps or 600 bps, as per the standards STANAG-4481 & STANAG-4285;
- unlike the 50-75 bps, this FSK waveform uses a 1700 Hz offset from the suppressed carrier;
anyway, frequency offset and speed are still S-4481 compliant (1)(2). 

Fig. 2 - FSK 300Bd/850 fleet broadcast

Both the broadcasts are secured by KW-46 encryption (or other emulating device such as the programmable KIV-7M) given the presence of the M-sequences generated by the polynomial x^31 + x^3 +1 (KW-46T uses that sequence to synch the KW-46R receive devices). Note in Figure 2 that the number of "positives" depends on the number of the analyzed bits.

Fig. 2 - KW-46 encryption in both FSK & S-4285 transmissions

Direction Finding (TDoA algorithm) pinpoints the Tx site of Crimond, former RNAS Rattray, belonging to UK DHFCS (Defense High Frequency Communications Service) which is  operated by Babcock International Group [1].

Fig. 3 - direction findings

I noticed that some (old) logs report the frequency of 5405.2 KHz for the operation of DHFCS STANAG-4285: the value I indicate here (4505.0 KHz) is currently the correct one and seems a "new" slot, although also used by E11. The 300 bps transmissions were on the air for a few days only, perhaps for testing purposes of some on-board (old) equipment or other needs.
Monitoring thanks to the Weston KiwiSDR (UK).

https://disk.yandex.com/d/6BmT7ItamKbPqA

https://www.dropbox.com/scl/fi/ht3hiv2fg74lpqqt8kyt0/300Bd_bcast.zip...

(1) Annex C to STANG-4481 "2. [...] It is recognised that equipment uses different offsets from the suppressed or reinserted carrier (i.e. 1700 and 2000 Hz) in order to achieve the mark and space frequencies. This will not cause an interoperability problem as long as the single channel wideshift of ± 425 Hz is used. 

(2) Annex C to STANG-4481 "5. [...] The minimum user data rate will be 75 bits per second (bps). Higher speeds, including 150 bps, 300 bps or higher may be implemented when necessary".

[1] ttps://en.wikipedia.org/wiki/Defence_High_Frequency_Communications_Service  

async GFSK 300Bd/200 bursts (unid)

Some days ago my friend cryptomaster sent me an unid FSK transmission heard for several consecutive days at the frequency of 5114.0 kHz USB. Main waveform parameters are a keying speed of 300 Bd and a shift of 200 Hz: clearly a GFSK modulation (Figure 1).

Fig. 1 - GFSK modulation

The signal is not continuous as it consists of GFSK "bursts" lasting approximately 632ms separated by the transmission of only the higher frequency, the whole has a duration of approximately 1093 ms (Figure 2).

Fig. 2

Consequently, as can be seen from the bitmap in Figure 3, the signal has a period of 1093.83 ms (328 bits) which, in my opinion, is due to the particular formation of the signal and not to the structure of the transported data.

Fig. 3 - bitmap of the signal period

Each data segment is 8N1 framed and since its lasting of about 632ms, consists of 190 bits (speed is 300 Bd). Note that it seems that every data segment starts and ends with the same "sequences".

Fig. 4

Fig. 5

After removing the start/stop bits, the analysis of the code did not reveal anything structured or known.

https://www.dropbox.com/scl/fi/75221eu8tww6tbpbkk8tp/2024-06-04T07_48_10Z_5114.00_usb.wav?rlkey=rkpasut70np1qyuzfm74v9b2t&st=9w0ogj1k&dl=0

does wideband Akula use a FBMC-SS waveform?

The idea for this post came to me while talking with my friend ANgazu (from radiofrecuencias.es) about an emerging Spread Spectrum (SS) technique that uses MultiCarrier waveforms (MC-SS). The question that came up was whether the so-called "wideband" Akula (15 × 500Bd DBPSK) used this type of spread spectrum technique, specifically a Filter Bank based multicarrier waveform (FBMC-SS).

I demodulated the 15 channels and found that they carry the same information carried by the following "usual" FSK 500Bd/1000 transmission (Figs. 1,2,3).

Fig. 1 - channels 1-6

Fig. 2 - channels 7-12

Fig. 3 - channels 13-15 and FSK segment

Channel separation is 2 Khz, quite enough to allow a easy detection and filtering of the subcarriers, for a total bandwidth of 30 KHz (Figure 4).  As one can see, wideband Akula's spectrum is very different from other  multicarrier waveforms like OFDM or mPSK (if only for the used bandwidth).

Fig. 4 - wideband Akula and its spettral occupancy

Two popular spread spectrum systems in usage today are frequency-hopping spread spectrum (FH-SS) and direct-sequence spread spectrum (DS-SS). The basic idea of the multicarrier spread spectrum (MC-SS) is to transmit redundant information on multiple subcarriers with a slight phase variation on each one. The Filter Bank MultiCarrier Spread Spectrum (FBMC-SS) waveform, as its name implies, makes use of a filter bank to develop a spread spectrum technique. With this waveform, data symbols  are spread across a number of non-overlapping adjacent subcarriers unlike in DS-SS, where spreading is performed across time, as it happens using Walsh Direct Sequence Spread Spectrum (Walsh DS-SS). The carriers are positioned in a way that the receiver can isolate a single channel by means of selective filtering without interchannel interference. One unique feature of this FBMC-SS construction is that it can easily mask portions of the band that are corrupted by interference or jamming intended by a foe: indeed, a narrow band interference stays well isolated and does not affect more than a few subcarriers (it is no coincidence that I heard wideband Akula using a remote SpyServer receiver located in Ukraine).

 

I don't have the tools to say for sure that they use a FBMC-SS waveform, but there are some elements that lead to this conclusion. In the links below you can download, in addition to the signal and the channel demodulations, interesting documentation about FBMC-SS so that people more skilled than me can comment or deny our hypothesis.

 

https://www.dropbox.com/scl/fi/kp1... 

https://www.dropbox.com/scl/fi/enue79... 

a STANAG-4285 autobaud waveform?

Interesting STANAG-4285 transmission heard on 14000 KHz/USB and sent me by my friend GrandBleu from radiofrecuencias.es (Figure 1)

Fig. 1 - STANAG-4285 segments

The 35 sec segments seem a modified S-4285 waveform since they begin with a block, that I here refer to as "header", and which is not referenced in the standard. The header has a duration of 116ms and is modulated using PSK2, as you may see in Figure 2.

Fig. 2 - PSK2 modulation detected in the initial "header"

I used the SA phase detector and its relative bitmap in order to "browse" the signal and to better indagate the header. Looking at Figure 3 you may see a 13.333ms repeated pattern: well, 13.333ms @ 2400 symbols/sec makes a duration of 32 symbols (31,999) or 32 bits, since the header is PSK2 modulated (ie 1 bit = 1 symbol).

Fig. 3 - 32-bits repeated pattern in the header of the heard S-4285 waveform

Consequently, I tried a PSK2 demodulation of the headers of some segments and after their differential decodings I obtained  bitstreams which exhibit a well-defined structure consisting of initial and final "01"s sequences and characterized by a 32 bits sequence which is six times repeated immediately before of the final "01"s sequence and that exactly matches the pattern seen in the bitmap of Figure 3.

[10100001001111001111100011011110]

Fig. 4 - differential PSK2 decoding of a header

The same 32-bit sequence was found in all the headers I demodulated (just 3 of them are shown in Figure 5), even if it didn't appear in the same order I wrote it: one must consider the characteristcs of the SA's generic (!) PSK-n demodulator .

Fig. 5

I don't think this so-called header is actually a “transmit level control” (TLC) block. Indeed, no information is carried by the TLC since it's a sequence of symbols intended solely for the purpose of establishing the radio TGC (transmit gain control), ALC (automatic level control) and AGC (automatic gain control) before the actual preamble is sent/received. In my opinion this S-4285 waveform feature an “autobaud” facility (1) which is coded in the initial header (perhaps a Walsh coded sequence?). As shown in Figure 5, the autobauding information would consist of 6 frames, each with a duration of 13.3 ms and a length of 32 bits (total length of 192 bits), and precedes the S-4285's usual synchronization preamble.

And let's get to the data blocks. To identify which sub-mode is used I chose from time to time the various options made available by a S-4285 decoder (k500) until I found the option that had 100% confidence and 0 errors: that is, 300bps and zero length interleaving.  As a test, I used a second S-4285 decoder and always got the same result even if the resulting bitstreams didn't seem structured. Although these decoders indicated 100% confidence and 0 errors (corrections), curiously they did not detect/show the 32-bit words used for signaling the Start Of Message (SOM = 0x03873C3C MSB first) and End Of Message (EOM = 0x4B65A5B2 MSB first): could it be sign of a "fake" decoding? Finally, I used a third, more sophisticated, decoder configuring it in "auto-detect" mode: this third test also confirmed the 300bps/N sub-mode but with the reporting of corrections and a resulting bitstream with a 40-bit/5-byte period that has - in my opinion - a bit more sense.
The 40-bit length period is due to the presence of a sequence that is four times repeated near the end of all the decoded segments (Figure 6). Note that the same considerations made above apply to the sequence in question.

[1101101000100111101001111111000111100101]

At first glance it could be an EOM/EOT signal but the bitstream should come from a higher level protocol (datalink layer) i.e. after the removal of the S-4285 overhead and therefore should have a different function.

Fig. 6 - a data blocks bitstream

That datalink protocol (if any ) is at present unknown to me.

Back to the initial headers, I remembered having seen something similar a while back while I was analyzing Harris' serial PSK8 waveforms [1] and by demodulating their initial headers I found a correspondence between those headers and the one analyzed here: that is, a sequence of 32 bits of length which is repeated six times between sequences of initial and final "01"s (Figs. 7,8)

Fig.7

Fig.8

From the above it seems that L3Harris (and perhaps not only them) have added the "autobaud" function to some waveforms such as STANAG-4285, obviously it is only my hypothesis which has no direct or indirect confirmation: your comments and other submissions will be as usual welcome and may assist in resolving this matter.

https://drive.google.com/file/d/1WD9gBFzbGnmMdBFITTOYFf5AOTWCij4y/view?usp=sharing

(1) the “autobaud” facility enables the receiver modem to automatically adapt the transmitter’s data rate and interleaver configuration without operator intervention

[1] http://i56578-swl.blogspot.com/2021/11/harris-psk8-2400-bd-digital-voice.htm

Japanese Navy fleet broadcast, a review of the "Japanese Slot Machine" (I)

Japanese Maritime Self-Defence Forces (JMSDF) HF Fleet Broadcast, also known as the "Japanese Slot Machine", heard with data payloads on 8312.50 KHz/USB using a remote KiwiSDR located in Azumino-city, Nagano Japan [1]. This signal has the Enigma designation "xsl" but I honestly don't understand why it was placed among the "mysterious signals" or even among the number stations: probably due to its characteristic idling refrain because it is nothing more than a fleet broadcast as well as the continuous and uninterrupted STANAG-4285 transmissions. 

The waveform is composed of the idle phase and the traffic/data phase. 

The data waveform occupies a 2 KHz bandwidth and use a 1500 Hz sub-carrier which is QPSK modulated at the symbol rate of 1500 Baud (Figure 1). 

Fig. 1 - QPSK parameters of the data waveform

The signal has strong ACF spikes every 93.33 ms (Figure 2) that, at the speed of 1500 Bd, correspond to a frame of 140 dibit symbols in length (frame rate of 10.71 Hz).

Fig. 2 - autocorrelation spikes and relative bitmap (data waveform)

The demodulated bitstream in Figure 3 shows a framing consisting of a probe/sync aimed "preamble" sequence (ps) of 28 known symbols (56 bits) in length followed by 112 unknown symbols representing the transferred data

[10001010001000100000001010100010101010100000100000101000]

Fig. 3 - 140 QPSK symbols (28 + 112) frame structure

Looking at the representation of the QPSK symbols of a frame (Figure 4) you can see that the 28 symbols of the preamble sequence are PSK2 modulated and then mapped to dibit symbols.

Fig. 4 - graphic rapresentation of a 140-symbol frame

The confirmation comes from the examination of the second degree harmonics in Figure 5 where the PSK2 modulation of the subcarrier can be clearly distinguished for a duration of 18.66 ms corresponding to 28 symbols at the keying speed of 1500 Baud. Also note the accentuated PSK transitions in the phase diagram.

Fig. 5 - PSK2 modulations

Data symbols have a flat autocorrelation indicating a (convolutional?) coding other than interleaving and encryption: bit distribution and Shannon entrophy graphs are good clues.

Fig. 6 - bit distribution and Shannon entropy of the data symbols

The idle waveform too is QPSK modulated at a symbol rate of 1500 baud but has a complex framing which to some extent follows the traffic waveform. As in the traffic waveform, the framing consists of repetions of 140 symbols/93.33 ms frames which generate the distinctive audio refrain (Figure 7).

Fig. 7 - idle phase signal

The underlying clicks audible during the idle phase have a frequency of 11.5 Hz and corresponds to the 140-symbol frames (Figure 8).

Fig. 8 - 11.5 Hz ticks

The autocorrelation of the idle signal (Figure 9) shows strong 5973 ms spikes grouping the lower 93.33 ms spikes; since the 1500 Bd keying speed, from a simple calculation the 5973 ms ACF results as a group of 64 frames each of 140 symbols: the 64 frames sequence is here designated as "superframe" and it exactly lasts as the refrain.  

Fig. 9 - autocorrelation spikes and relative bitmap (idle waveform)

The superframe structure is visible in the demodulated bitstream once reshaped to 140 symbols (280 bits) in order to highlight the 64 component frames: it's worth noting the presence of the same 28 symbols preamble sequence seen in the demodulated data bitstream (Figs 10, 3). Since the preambles are repeated in all frames, they are the cause of the underlying clickings mentioned above.

Fig. 10 - idle waveform, superframe structure

After the removal of the preamble sequence, it's easy to see that the remaining 112 symbols of the superframes are formed of four 28-symbols blocks, each block consisting of the same patterns (Figure 11).

Fig. 11

After having isolated a single block I identified eleven patterns (designated here as p01 - p11) which are repeated in various ways within it (Figure 12). 

☆ Please notice that: ☆

1) the "designations" I used here are only mine and are introduced just for convenient reference.

2) the repeated patterns p01-p11 are numbered in the order of their appearance within a frame (the first pattern is the one following the preamble)

3) the choice of which frame in the superframe should be designated as the first one is arbitrary (superframe boundaries may be seen as a fixed-width 64-frame sliding window)

4) I chose the carrier reference phase such that the probe/sync preamble is

[10001010001000100000001010100010101010100000100000101000]

another arbitrary carrier phase reference could be chosen and then the resulting patterns will differ: therefore the values of the patterns in Figure 11 are not to be understood here as "absolute"

Fig. 12 -  repeated patterns

The repeated patterns are indicated in Table I: note that the pattern p01 is composed of 28 symbols of the same phase and therefore generates a single tone as well as the pattern p06 does, being in counter-phase with respect to p01 (180° far).

Table I

 The superframe is then described as in Table II.

Table II

Patterns p02 and p05 seem to play a particular role: in the first 44 frames looks like they are used as "separators" between three frames of same value (redundancy?) while they are used exclusively - and grouped - in the remaining 20 frames. Most likely the long duration of the idle phase provides a strong channel probing and frame/time synchronization for the receive modems. It's worth noting that the duration of the data phase is a multiple of the duration of the idle superframe, e.g. 7 times in the sample shown in Figure 13. 

Fig. 13

A "hybrid" superframe is sometimes transmitted alone or immediately before/after data superframes and consists of a mix of 16 QPSK data inserts and repeating patterns - that's why I called it "hybrid" (Figure 14).

Fig. 14 - hybrid superframe

 Frames 16 and 17 are joined in case two hybrid superframes are transmitted consecutively (Figure 15)

Fig. 15 - two hybrid superframes transmitted consecutively

The demodulated bitstream of a hybrid superframe shows the expected framing: that is, the usual preamble of 28 symbols followed by four blocks, each of 28 symbols (Figure 16).

Fig. 16 - demodulated bitstream of the hybrid superframe

The 28-symbol reshaped bitstream (after removing the preamble sequence) clearly shows the 16 QPSK data inserts separated by the two patterns hp01 and hp02

[11000000001010101011000000001010101011000000001010101011]
[01101010100000000001101010100000000001101010100000000001]

Fig. 17 - 28-symbol reshaped demodulated bitstream of the hybrid superframe

While idle superframes are most likely used for channel probing and frame/time synchronization, the purpose of hybrid superframes is unclear as they also carry coded information.

As said above, the choice of a different carrier phase reference will obviously produce different values of the patterns. So, since that:
- the preamble sequence is PSK2 modulated (Figs 4,5)
- the phase offsets between preamble and patterns symbols shall be preserved
according to the choice of the carrier phase reference and relative mappings we'll get four different preamble sequences and thus four different "sets" of the eleven patterns p01-p11... but the same "formal" scheme as Table II will always be obtained. The same goes for hp01-hp02 patterns of the hybrid superframe.

Table III

The frames structure that is used for the idle and data/traffic waveforms is shown in Figure 18, a possible functional block diagram of the modem is illustrated in Figure 19. When switch S is in positions 2-1 the data phase is selected, positions 2-3 are used for the idle phase, positions 2-4 are used for the hybrid superframes. The presence of the interleaver & Gray decoder block is a my guess.

Fig. 18 - Frame structure for "Slot Machine" idle and traffic/data waveforms

Fig. 19 - "Slot Machine" (possible) functional block diagram

 

Direction Finding tries (TDoA algorithm) pinpoint the Ichihara transmitting station as the source of the signal [2]. 

Fig. 20 - direction finding results

The Ichihara transmitting station occupies an extensive area next to a golf course in Ichihara City. It has a microwave tower with four dishes, a large HF inverted conical array, strung between six tall masts, a mast with HF and VHF vertically polarised inverted conical monopoles, two HF rhombic antennas, two large horizontal HF/VHF log-periodic antennas, and a large horizontal curtain antenna [3].

Fig. 21 - Ichihara transmitting station (by google earth image)

Fig. 22 - Ichihara transmitting station antennas (by google street view)

A question still remains unanswered: why did JMSDF engineers design such a complex, though easily recognizable, idle waveform?

https://disk.yandex.com/d/suGK1GjRDEuX6Q
https://disk.yandex.com/d/qd4Cjj-YptLepg (Ichihara, file KML)

[1] http://jf0fumkiwi.ddns.net:8073/
[2] https://www.mod.go.jp/en/presiding/law/sdf.html
[3] https://www.jstor.org/stable/j.ctt13wwvvt.12